implement blacklisting+ticket line view

Deny Signups from blacklisted IPs.


Deny Signups with blacklisted URLs in the content of cards included on Account Request+*tform.

Lots of signups (account request or creation depending on setup).


Where would blacklists be put in a maintainable way?

 

A card is the most obvious choice, and the edit permission (and possibly view permission as well) should be restricted to either the Administrator role, or a role shared by a team of moderators. *blacklisted-ips and *blacklisted-urls, perhaps?

  --Ariel Millennium Thornton.....Mon May 25 20:58:16 -0700 2009


recommend looking over security checklist on wikimatrix.org

  --Ethan McCutchen.....Tue Jun 16 11:59:55 -0700 2009